Why You Should Avoid Connected Toys This Holiday Season

Thinking of giving a connected toy as a gift this holiday season? If so, you may want to reconsider that decision, at least for the time being. This year has seen some of the most widespread security breaches in recent memory. botnet attacks solely on IoT devices have been on the rise. And while botnets are quickly becoming more advanced, IoT device security has remained weak, if present at all.

The Dangers Of Wi-Fi Enabled Children’s Toys

The arrival of Mattel’s Hello Barbie was met with harsh criticism over privacy concerns.

From blatant invasions of privacy to allowing strangers to talk directly to your child, connected toys present a new and ever present danger.

Take for instance Mattel’s Hello Barbie, which was released around this time a few years ago. The premiere feature of this doll is a push-to-talk microphone and speaker located on the doll’s necklace. Once activated, the child’s voice is sent to ToyTalk (Mattel’s partner on this project) where keywords are identified and an appropriate response is transmitted back to the doll. The issue with this? The entire conversation is kept on record to help “improve” the product in the future. In essence, the Hello Barbie doll is a surveillance device for Mattel. All of the information acquired by these dolls can be used as Mattel sees fit, including the right to sell this information off to third party companies.

The situation surrounding Hello Barbie depicts how a connected toy can be intentionally designed to exploit your child’s privacy. In fact, Germany has taken legislative action against a similar connected toy. As of this time last year, the connected toy My Friend Carla (which behaves in a similar way to Mattel’s Hello Barbie) has been designated as an “illegal espionage apparatus” by the German government. As a result, any German store found selling the My Friend Carla will be heavily fined.

Security Flaws In Connected Toys

In addition to privacy concerns, connected toys also suffer from lackluster security protocols. One potentially dangerous example of this is the I-Que Intelligent Robot. By itself, the I-Que Intelligent Robot is simply an action figure that lights up. However, once connected to a smartphone app, the toy essentially becomes an IoT device. This connection gives the robot a whole new set of actions, including games and text-to-speech activation.

But because of the devices lack of security, any individual with this app installed on their phone can easily access the toy. And since the app allows for text-to-speech, any stranger can communicate directly to your child without you knowing.

While its true that anyone attempting to access these connected toys would have to be within Wi-Fi or Blutooth range. These ranges can be extended, allowing an individual to easily search for unsecured devices from outside the house.

If your child already has a connected toy (even if it’s not one of the above) you should make sure they remain supervised while they play with it. That way, even if their particular toy has vulnerabilities, you can ensure your child remains safe.